W3C home > Mailing lists > Public > w3c-xml-sig-ws@w3.org > April 1999

RE: Fw: XML versus ASN.1/DER blob

From: Phillip M Hallam-Baker <pbaker@verisign.com>
Date: Tue, 20 Apr 1999 11:18:39 +0200
To: "John Boyer" <jboyer@uwi.com>, "Bede McCall" <bede@mitre.org>
Cc: "Dsig group" <w3c-xml-sig-ws@w3.org>
Message-ID: <002801be8b0e$c6a11100$fb0110ac@pbaker-pc.verisign.com>

I don't think we need to address signature schemes based on
autographs for the following reasons:

1) The packing format had better allow any signature scheme
	which produces as authentication data a string o' bits
	which is a function of the message and optionaly some
	additional data.

	There are good reasons for allowing an SHA-1 hash or an
	HMAC authentication blob, biometrics should be simply
	another such blob.

2) Do we think we have a need for significant input of crypto
	expertise? I don't think so, at this level we are treating
	PKCS#1 RSA, DSS etc as well behaved black boxes. 

	If we feel we can proceed without detailed instructions along
	the way from Rogaway, Rivest, Kaliski et al we whould expect 
	autograph identification methods to be capable of being
	treated in an equally black box fashion.

3) Biometric techniques are not commodified to the same extent that
	RSA, DSS etc are. Patent issues aside, RSA is RSA whoever you
	buy it from, same for DSS. Even the more 'exotic' reaches
	of cryptography such as eliptic curve are well defined and
	standards defined.

	I don't think it would be possible to address biometric
	techniques without addressing specific proprietary techniques
	which would in turn lead to the issue of endorsement which
	I don't think W3C should get involved in - not unless they
	want to actually conduct trials of biometric techniques which
	I don't think they do.

4) The applications of biometrics and the applications of digital 
	signatures are disjoint. I do not see an overlap, I consider
	biometrics important precisely because they can do things 
	which digital signatures cannot. I don't 

	No biometric technique is proof against a sampling attack. Each
	person has one and only one biometric profile. Individual
	mechanisms may sample that profile and base their analysis on
	a subset but there is no means of preventing a complete sampling
	of the original.

	At most a biometric proves is that there was knowledge of a 
	biometric profile required to create a signature. That is very
	different to the assurance of a digital signature which establishes
	that there was knowledge of a specific piece of information.
	Empirically, it is easier to do a biometric scanning attack than
	a brain scanning attack! It is also easier to learn new pieces of 
	information than change your fingerprint or autograph.

I know there are folk in the biometric industry who dispute this, and that
is kind of the point. I don't think the argument is usefull or necessary
however. It is currently raqging with much FUD in the legal arena. I don't
think we need to have the arguments rehearsed here too...


		Phill
Received on Wednesday, 21 April 1999 05:18:29 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 11:28:04 EDT